1. Field of the Invention
The present invention generally relates to protecting computers and more particularly to controlling network access by modifying packet headers.
2. Description of the Related Art
When devices are attached to a network, the devices must be correctly configured to work properly. Malicious or accidental misconfiguration of devices may result in loss of service to the device itself or other devices on the network. In public LANs (local area networks) such as those found at conferences, exhibitions, media rooms, etc., the network administrators are faced with the task of ensuring the devices connected to the LAN behave properly.
For example, with conventional LANs, each client connected to a hub must have a unique hardware and network address. If users connecting to a hub inadvertently have the same address, the conflicting addresses will prevent the LAN and hub from processing communications correctly. It is becoming more common for convention centers and trade shows to allow individuals operating their own personal computers to connect to a hub of a LAN for the purpose of retrieving information from the LAN or connecting to another network such as the Internet. However, such random connections by unidentified pieces of hardware can readily create address conflicts.
Generally, administrators ensure proper LAN operation by detecting and fixing errors as they occur on the LAN. If the error was maliciously created, the problem may be hard to detect. In any case, with conventional systems, the problem must be handled manually.
If more sophisticated LAN equipment is used, each port on the LAN can be partitioned from all the other ports to better isolate problems. If enough computing power is present at the ports, many misconfigurations and problems can be dealt with and corrected by the individual ports. If each port is connected directly to a server, clients won""t be able to interfere with each others"" traffic and the server can correct any errors before forwarding the packet on to its destination. However this means that a non-shared line must be run from every client to the server. This increases the cost per client because of the wiring cost as well as the cost at the server since the server must have a port for each client and greatly increases the cost of the LAN. Therefore, there is a need to be able to process and modify network packets without substantially increasing the costs per port of the LAN.
It is, therefore, an object of the present invention to provide a structure and method for controlling network access without extensive hardware enhancements by modifying packet headers. More specifically, the invention includes a method of processing packets of information over a data processing system. The packets have header information indicating a source and a destination of the packets. The method includes receiving a packet from a client, forwarding the packet to a hub of a local area network, changing the hardware level header of the packet such that the packet is directed to a server instead of an original destination, processing the packet through the server to produce a processed packet, and forwarding the processed packet to the original destination.
With the invention, the hub only allows packets from the server to be delivered to the client. Further, the processing screens the packet for proper access rights and changes the packets to correct errors within the packets. Also, the server processes the packet to prevent damage or unauthorized access to the original destination. The server further modifies the header to eliminate conflicting addresses of clients connected to the hub. All hubs connected to the local area network modify headers of packets being processed such that all packets being transmitted by the clients connected to the hubs are processed through the server.
In another embodiment, the invention comprises a data processing network that includes at least one server, at least one local area network connected to the server, at least one hub connected to the local area network, and at least one client connected to the hub. The client transmits packets to the hub. The packets have header information indicating a source and a destination of the packets. The hub changes the header of the packet such that the packet is directed to the server instead of an original destination. The server processes the packet and forwards the packet to the original destination.
In a further embodiment, the invention comprises a hub for a data processing network having at least one server. The hub includes a first connected to the server, a second connection to at least one client, and an addressing unit operatively connected to the first connection and the second connection and in communication with the server. The client transmits packets to the second connection, the packets have header information indicating a source and a destination of the packets, the addressing unit changes the header of the packet such that the packet is directed to the server instead of an original destination, and the server processes the packet and forwards the packet to the original destination based on information from the addressing unit.
The addressing unit only allows packets from the server to be delivered to the client. Further, the addressing unit supplies the server information to screen the packet for proper access rights, to change the packets to correct errors within the packets, to process the packet to prevent damage or unauthorized access to the original destination, and to modify the header to eliminate conflicting addresses of clients connected to the hub.